Notes

https://www.tenable.com/security/research/tra-2016-12Marked as unimportant since even though the CVE is assigned for Apache Commons FileUploadApache say that issue needs to be fixed in any vendor/product using Apache Commons FileUploadDiskFileItem as described in the given advisory.Thus we are not going to diverge from Apache upstream here.